[Users] Questions on ovirt 3.3 browser based spice/novnc working

Alon Bar-Lev alonbl at redhat.com
Thu Aug 1 18:07:39 UTC 2013


If you install the proxy on the engine machine you just need:

# yum install ovirt-engine-websocket-proxy
# engine-setup

then answer yes when prompt if you like to configure websocket proxy.

you can execute engine-setup again even if you already installed. 

----- Original Message -----
> From: "Dead Horse" <deadhorseconsulting at gmail.com>
> To: "<users at ovirt.org>" <users at ovirt.org>
> Sent: Thursday, August 1, 2013 9:01:47 PM
> Subject: [Users] Questions on ovirt 3.3 browser based spice/novnc working
> 
> After Referencing:
> http://www.ovirt.org/Features/noVNC_console
> http://www.ovirt.org/Features/SpiceHTML5
> 
> and looking at some of the related engine code.
> 
> I am still attempting to get the spice/novnc browser based consoles to work.
> 
> I am working from a build from master yesterday I used to upgrade over a
> previous 3.3 master build from about a month back.
> 
> VDSM version on host is 4.12.0 built minutes ago.
> 
> I have installed and configured the websocket proxy like so:
> 
> Set WebSocketProxy to engine ENGINEIP port 6100
> engine-config -s WebSocketProxy=ENGINEIP:6100
> 
> /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name=websocket-proxy
> --password=install --subject="/C=US/O=DHC/CN=ENGINEFQDN"
> 
> This generates:
> /etc/pki/ovirt-engine/keys/websocket-proxy.p12
> /etc/pki/ovirt-engine/certs/websocket-proxy.cer
> /etc/pki/ovirt-engine/requests/websocket-proxy.req
> 
> However it does not generate the key that websockify wants so we do:
> openssl pkcs12 -in websocket-proxy.p12 -nocerts -nodes -out
> /etc/pki/ovirt-engine/keys/websocket-proxy.key
> 
> The configuration of ovirt-websocket-proxy:
> PROXY_HOST=*
> PROXY_PORT=6100
> SOURCE_IS_IPV6=False
> SSL_CERTIFICATE=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
> SSL_KEY=/etc/pki/ovirt-engine/keys/websocket-proxy.key
> FORCE_DATA_VERIFICATION=False
> CERT_FOR_DATA_VERIFICATION=/etc/pki/ovirt-engine/certs/engine.cer
> SSL_ONLY=True
> TRACE_ENABLE=False
> TRACE_FILE=
> ENGINE_USR="/usr/share/ovirt-engine"
> 
> Install spice-html5
> git clone http://anongit.freedesktop.org/git/spice/spice-html5.git
> mv spice-html5 /usr/share
> 
> Test spice:
> In Webadmin UI we set create a VM, set display as spice, start it and set
> it's console to spice-html5.
> Result spice-html client opens in a new tab but does not connect.
> 
> From engine.log:
> 2013-08-01 12:49:52,352 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand]
> (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false.
> Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM
> 2013-08-01 12:49:52,371 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName =
> ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57,
> vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=TKfzUQJLLrUI,
> validTime=120,m userName=admin at internal,
> userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: 5d258049
> 2013-08-01 12:49:52,445 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: 5d258049
> 
> Test novnc:
> In Webadmin UI we set create a VM, set display as VNC, start it and set it's
> console to novnc.
> Result novnc client opens in a new tab but does not connect, but does display
> error: "Server disconnected (code: 1006)
> 
> From engine.log:
> 2013-08-01 12:50:44,800 INFO [org.ovirt.engine.core.bll.SetVmTicketCommand]
> (ajp--127.0.0.1-8702-9) Running command: SetVmTicketCommand internal: false.
> Entities affected : ID: fec3260c-871a-4fbe-a006-9eee4fbfbbcc Type: VM
> 2013-08-01 12:50:44,833 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) START, SetVmTicketVDSCommand(HostName =
> ovirtnodefoo, HostId = 5713e5c8-6252-4bce-a3f6-bbd8e1e6eb57,
> vmId=fec3260c-871a-4fbe-a006-9eee4fbfbbcc, ticket=IPWOWh6U9erd,
> validTime=120,m userName=admin at internal,
> userId=fdfc627c-d875-11e0-90f0-83df133b58cc), log id: bff6161
> 2013-08-01 12:50:44,917 INFO
> [org.ovirt.engine.core.vdsbroker.vdsbroker.SetVmTicketVDSCommand]
> (ajp--127.0.0.1-8702-9) FINISH, SetVmTicketVDSCommand, log id: bff6161
> 
> I verified connection of both the spice/vnc console directly at the host
> level with a quick connect via virt-viewer.
> 
> A quick scan with nmap of engine and host to verify sockets are open:
> 
> Nmap scan report for engine
> Host is up (0.0042s latency).
> Not shown: 995 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 80/tcp open http
> 111/tcp open rpcbind
> 443/tcp open https
> 6100/tcp open synchronet-db
> 
> Nmap scan report for host
> Host is up (0.0045s latency).
> Not shown: 997 closed ports
> PORT STATE SERVICE
> 22/tcp open ssh
> 111/tcp open rpcbind
> 5900/tcp open vnc
> 
> For grins I stopped the websocket proxy and manually started a websockify
> like so:
> websockify 3.57.111.11:6100 3.57.111.12:5900
> --cert=/etc/pki/ovirt-engine/certs/websocket-proxy.cer
> --key=/etc/pki/ovirt-engine/keys/websocket-proxy.key
> 
> WARNING: no 'numpy' module, HyBi protocol is slower or disabled
> WebSocket server settings:
> - Listen on ENGINEIP:6100
> - Flash security policy server
> - SSL/TLS support
> - proxying from ENGINEIP:6100 to HOSTIP:5900
> 
> Attempting another connection via
> https://ENGINEFQDN//ovirt-engine-novnc-main.html?host=ENGINEIP&port=6100
> results in:
> 
> 1: handler exception: [Errno 1] _ssl.c:1359: error:14094418:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
> 
> 
> I should also note in case it matters that the SSLEnabled=false, and
> EnableSpiceRootCertificateValidation are both set as false are set in my
> engine options.
> 
> Am I doing something wrong here, I don't see any reason this should not work?
> 
> - DHC
> 
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> 



More information about the Users mailing list